Tomato v1.23 wireless connection being hacked

I'm running 1.23 on a WRT54GL with a WPA password that is a combination of letters and numbers.
Back in February I noticed the activity light on the router was blinking like mad even though my PC wasn't turned on. I went to my ISP's site and checked my internet usage and discovered that for the previous 7 days, there was an accumulated 30 gigs of usage that wasn't mine. It was quite obvious that someone else was using my wireless since my typical uploads are just a few hundred megs per day at most but now were a couple of gigs... just in uploads alone.

I changed the password and immediately the light stopped blinking. The next day I checked my usage again and that definitely solved the problem.

Except that about a month later it happened again. This time I caught it earlier so they only stole about 7 gigs. But that still put me over my monthly usage limit so again I was billed extra. Changing the password again solved the problem.

Except that it happened yet again....for the 3rd time, only a few days later.

My ISP won't/can't do anything about it and they made it clear that I will be paying for all of the usage.
I'm mystified as to how this is happening and I don't know what to do. Changing my password every day is going to be a huge pain.
Would going back to the Linksys firmware help?
Is there another solution?

Since they claim to have WPA2 support there only seems to be one solution: don't use WPA anymore, because it has several weaknesses and use a passphrase that is truly random and probably uses the maximum length of 63 characters. There are enough generators around.

Second: You probably should use the MAC-Filter under Basic/Wireless Filter.

Third: Having some stranger in your local network is very bad, because he probably can access non-protected shares as well, so your other PCs might need some security hardening as well.

You might be surprised. If you used a combination of your address, wife and/or kids' names, birthdays, etc., it would not take long to brute force your network (assuming the attacker has access to that info).

If this happens again and you implemented all the prior suggestions, then you have another problem. If your WPA passphrase is random enough, and long enough, it *theoretically* can't be cracked in a reasonable amount of time.

So one conclusion to come to is your attacker left a backdoor into your local network. This is possible if he had access to your local network (as opposed to just guessing your WPA passphrase and leeching your wireless). That's why I mentioned to change your admin password on your router also.

And not to skip over the obvious, you are using WPA and not WEP? I had to ask, since WEP can be cracked with very little effort.

WPA is cracked almost as easily as WEP thanks to its TKIP compatibility, something many people still don't realise. WPA2 AES with the full length hexadecimal key or nothing. If you aren't then a GPU accelerated "password recovery" tool will brute-force its way in in very little time.

Make use of MAC filtering. If you don't use the wireless connection, disable it; if you are using it, allow only your MAC address. Check your logs regularly. Use static DHCP; if you have 3 PCs, use the IP range 192.168.1.100-192.168.1.102. And last, make use of RANDOM under wireless and randomize your password.

This is a good password: " T%Wwe7hWQ!uzdTpKRYU$ZoGacDTn6a6PCkuRg43xur3$h22&uTqFiHGHRr7nHZW "

He/she might not have to guess. Your computer might send information out without you knowing. He/she might have left something behind. Check your computer first. Then work on your router with all the suggestions above. This time don't broadcast your router SSID, and disable the router's wireless by schedule when you are not using it.

How many computers do you have?
Which OS are you using?
What kind of protection do you use? Firewall, Anti virus?

Personally, I would do it this way.

Disconnect the router and the net.
Reinstall Windows, install protection (antivirus, Spy Bot and so on). Once all of it is done, connect to the net WITHOUT a wireless connection, hard wire only.
Update Windows and the antivirus.

Then connect the wireless router and do this:

Make use of MAC filtering. If you don't use the wireless connection, disable it; if you are using it, allow only your MAC address. Check your logs regularly. Use static DHCP; if you have 3 PCs, use the IP range 192.168.1.100-192.168.1.102. And last, make use of RANDOM under wireless and randomize your password.

This is a good password: " T%Wwe7hWQ!uzdTpKRYU$ZoGacDTn6a6PCkuRg43xur3$h22&uTqFiHGHRr7nHZW "

And change the MAC address of your router so the attacker won't know it's you, and CHANGE the router name TOMATO to something else.

WPA is cracked almost as easily as WEP thanks to its TKIP compatibility, something many people still don't realise. WPA2 AES with the full length hexadecimal key or nothing. If you aren't then a GPU accelerated "password recovery" tool will brute-force its way in in very little time.

Nah. As long as the password length is 14+ characters (and uses special characters), there ain't any GPU around that will be able to brute force it.

A password of 14 characters long that uses all 94 printable ASCII characters will have an entropy of ~90 bits. This means it would take the latest ATI GPU (which can calculate a billion passwords per second) about 78 billion years to exhaust all possibilities.

The OP is either using easy passwords, not using AES, or is using WEP.

I wrote a program for my own personal use that generates random passwords using a cryptographically secure PRNG. Here is an example of a 14 character long password:

Correct me if I'm wrong: MAC filtering is useless.
As soon as the WPA key is cracked, the network traffic can be listened to. If you are active with your WLAN device which has the allowed MAC address, the attacker sees your MAC address in every transmitted packet (Data Link Layer).
MAC addresses can be easily faked (e.g. see your Tomato at: .../advanced-mac.asp).
If your device is offline, he could have full access to your network with the faked MAC.

Use WPA2 with AES, a totally random Pre-Shared-Key of 63 printable ASCII characters, turn off Wi-Fi if you don't use it (I use the button of my WRT54GL to toggle it on/off) and disable 'Wireless Access' on Tomato.

Also try and upgrade to 1.27 as the attacker might know your public IP and make use of some vulnerabilities in 1.23's services to gain access to the router.
WPA2-AES is the best way to go. TKIP, as the other guys said, is... well, not "easy" to crack but it's crackable.
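
The passphrase advice repeated through this thread (a random 63-character key, the entropy of a 14-character one, changing the router name) can be put into numbers. The following is an added example, not code from any poster or from Tomato: the function names and the guess rate are assumptions, and the key derivation shown is the standard WPA/WPA2-PSK one (PBKDF2-HMAC-SHA1 salted with the SSID).

```python
import hashlib
import math
import secrets
import string

# Printable ASCII 0x21-0x7E (94 symbols). Space is legal in a WPA passphrase
# but is left out here because it is easy to lose at the ends when pasting.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_passphrase(length=63):
    """Random WPA2-PSK passphrase drawn from the OS CSPRNG (8..63 chars)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Years to try every candidate at a constant, assumed guess rate."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def derive_pmk(passphrase, ssid):
    """256-bit pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()

if __name__ == "__main__":
    ASSUMED_RATE = 1e9  # guesses per second; an assumption, not a measurement
    for n in (8, 14, 63):
        print(f"{n:2d} random chars: {entropy_bits(n):6.1f} bits, "
              f"{years_to_exhaust(n, ASSUMED_RATE):.3g} years at {ASSUMED_RATE:.0e}/s")
    # Numbers above only hold for uniformly random choices, never for names or dates.
    phrase = generate_passphrase()
    print("new passphrase:", phrase)
    # Same passphrase, different SSID -> unrelated key, so each guess must be
    # recomputed per network name; a unique SSID removes any shared shortcut.
    for ssid in ("Tomato", "constructed-unique-ssid"):
        print(f"PMK under SSID {ssid!r}: {derive_pmk(phrase, ssid)}")
```
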